JetBrains Plugin

About

JetBrains IDEs are powerful integrated development environments used by millions of developers worldwide for building applications across various programming languages and frameworks. Whether you're developing in Java, Python, JavaScript, or any other supported language, JetBrains IDEs provide comprehensive tools for coding, debugging, and deployment.

The Keeper Security plugin allows JetBrains IDE users to integrate with Keeper Security vault to make managing secrets in development workflows easier and more secure. The plugin enables developers to replace hardcoded secrets with vault references and execute commands with injected credentials without exposing sensitive data.

Features

• Secret Management: Save, retrieve, and generate secrets directly from JetBrains IDEs using the Keeper Vault

• Secure Execution: Run commands with secrets injected from the Keeper Vault through .env file processing

• Folder Management: Select and manage Keeper vault folders for organized secret storage

• Record Operations: Create new records, update existing ones, and retrieve field references

• Cross-platform support: Windows, macOS, Linux

Prerequisites

• Keeper Commander CLI

  • Must be installed and authenticated on your system

  • Download from Keeper Commander Installation Guide

  • Authenticate using Persistent login or Biometric login

  • Keeper Security Account: Active subscription with vault access

• System Requirements

  • JetBrains IDE: Version 2021.1 or later (IntelliJ IDEA, PyCharm, WebStorm, PhpStorm, RubyMine, CLion, GoLand)

  • Java: Version 11 or later

  • Python: Version 3.6+ (required for Keeper Commander CLI)

Setup

Installation

Using JetBrains Marketplace

1. Open your JetBrains IDE

2. Go to File → Settings → Plugins (or IntelliJ IDEA → Preferences → Plugins on macOS)

3. Search for "Keeper Security"

4. Click "Install" and restart the IDE

Authentication

The plugin supports two authentication methods through Keeper Commander CLI:

Method 1: Biometric Authentication

# Login to Keeper
keeper shell

# Register biometric authentication
biometric register

# Follow prompts to set up biometric authentication

Method 2: Persistent Login

# Login to Keeper
keeper shell

# Register device for persistent login
this-device register

# Enable persistent login
this-device persistent-login on

# Verify configuration
this-device

Plugin Verification

1. Open any JetBrains IDE

2. Go to Tools → Keeper Vault → Check Keeper Authorization

3. Verify the authentication status shows success

Usage

All Keeper actions are available through:

1. Tools Menu: Tools → Keeper Vault → [Action]

2. Right-click Context Menu: Right-click in editor → [Action]

Available Commands

Basic Secret Management

1. Retrieving Existing Secrets

# Position cursor where you want the secret reference
database_password = |

# Use: Tools → Keeper Vault → Get Keeper Secret
# Select record and field from vault
# Result:
database_password = keeper://abc123def456/field/password

1. Adding New Secrets

// Select the secret text
const apiKey = "sk-1234567890abcdef";

// Use: Right-click → Add Keeper Record
// Enter title and field name
// Result:
const apiKey = keeper://new-record-uid/field/api_key;

1. Generating Secure Passwords

# Position cursor
admin_password: |

# Use: Tools → Keeper Vault → Generate Keeper Secret
# Enter record details
# Result:
admin_password: keeper://generated-record-uid/field/password

Secure Command Execution

Environment File Setup

Create a .env file with Keeper references, for example:

DATABASE_URL=keeper://db-record-uid/field/connection_string
API_KEY=keeper://api-record-uid/field/key
SECRET_KEY=keeper://app-record-uid/field/secret
JWT_SECRET=keeper://auth-record-uid/field/jwt_key

Running Commands with Injected Secrets

1. Right-click in your project → Run Keeper Securely

2. Select or confirm the .env file

3. Enter your command (e.g., python3 app.py)

4. Plugin fetches secrets and creates terminal with injected environment variables

# Plugin executes your command with actual values:
python3 app.py
# Environment contains:
# DATABASE_URL=postgresql://user:pass@host:5432/db
# API_KEY=ak_live_1234567890abcdef
# SECRET_KEY=super-secret-key-value
# JWT_SECRET=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Complete Workflow Example

# 1. Start with hardcoded secrets (bad practice)
import os
import requests

DB_PASSWORD = "hardcoded_password_123"
API_TOKEN = "secret_api_token_xyz"

# 2. Select and replace with vault references
# Use: Add Keeper Record for each secret
DB_PASSWORD = keeper://db-creds-uid/field/password
API_TOKEN = keeper://api-creds-uid/field/token

# 3. Create .env file for secure execution
# .env contents:
# DB_PASSWORD=keeper://db-creds-uid/field/password
# API_TOKEN=keeper://api-creds-uid/field/token

# 4. Run application securely
# Use: Run Keeper Securely with command "python3 my_app.py"

Actions Reference

Check Keeper Authorization

Verifies Keeper CLI installation and authentication status.

Usage: Tools → Keeper Vault → Check Keeper Authorization

Purpose: Troubleshoot connection issues and verify setup

Get Keeper Secret

Retrieves existing secrets from vault as references.

Usage: Position cursor, then Tools → Keeper Vault → Get Keeper Secret

Properties:

• Input: Cursor position in editor

• Output: Keeper reference inserted at cursor

• Format: keeper://record-uid/field/field-name

Add Keeper Record

Creates new vault record from selected text and replaces with reference.

Usage: Select text, then right-click → Add Keeper Record

Properties:

• Input: Selected text containing secret

• Output: Selected text replaced with Keeper reference

• Prompts: Record title, field name

Update Keeper Record

Updates existing vault record with new value from selected text.

Usage: Select text, then right-click → Update Keeper Record

Properties:

• Input: Selected text with updated secret value

• Output: Text replaced with existing record reference

• Selection: Choose existing record and field to update

Generate Keeper Secret

Generates secure password and stores in vault.

Usage: Position cursor, then Tools → Keeper Vault → Generate Keeper Secret

Properties:

• Input: Cursor position

• Output: Generated secure password reference

• Configuration: Automatic strong password generation

Get Keeper Folder

Selects vault folder for organizing new records.

Usage: Tools → Keeper Vault → Get Keeper Folder

Properties:

• Purpose: Set default folder for new records

• Scope: Applies to current workspace/project

• Persistence: Selection remembered across IDE sessions

Run Keeper Securely

Executes commands with secrets injected from .env file.

Usage: Right-click in project → Run Keeper Securely

Properties:

• Input: .env file with Keeper references

• Process: Fetches actual secret values from vault

• Output: Terminal with injected environment variables

• Security: No secret values exposed in IDE or file system

Platforms

The following platforms are supported:

• Linux: Ubuntu 18.04+, CentOS 7+, RHEL 7+, Debian 9+, Fedora 30+

• macOS: 10.14+ (Mojave and later)

• Windows: Windows 10+, Windows Server 2016+

Requirements

JetBrains IDEs

• IntelliJ IDEA: 2021.1+

• PyCharm: 2021.1+

• WebStorm: 2021.1+

• PhpStorm: 2021.1+

• RubyMine: 2021.1+

• CLion: 2021.1+

• GoLand: 2021.1+

• DataGrip: 2021.1+

• Rider: 2021.1+

Dependencies

• Java Runtime: 11+ (provided by JetBrains IDE)

• Python: 3.6+ (for Keeper Commander CLI)

• pip: Latest version (for CLI installation)